podman v5.0.3 版本更新介绍
发布日期: 2024-05-10
版本号: v5.0.3
此版本修复了安全漏洞CVE-2024-3727,该漏洞存在于containers/image库中,可能允许攻击者利用受害者用户身份进行经过认证的注册表访问。错误修复方面,解决了
podman machine start
在卷目标路径过长时启动失败的问题,并修正了路径包含短横线导致卷挂载位置错误的情况。此外,更新了Buildah至v1.35.4版本,升级了containers/common库至v0.58.3以及containers/image库至v5.30.1版本。
更新内容 (中文)
安全性
- 此版本修复了 CVE-2024-3727,该漏洞存在于 containers/image 库中,允许攻击者以受害者用户身份触发经过认证的注册表访问。
错误修复
- 修复了当机器存在目标路径较长的卷时,
podman machine start
命令会失败的缺陷(#22226)。 - 修复了
podman machine start
挂载包含短横线路径的卷时路径定位错误的缺陷(#22505)。
其他
- 将 Buildah 更新至 v1.35.4
- 将 containers/common 库更新至 v0.58.3
- 将 containers/image 库更新至 v5.30.1
更新内容 (原始)
Security
- This release addresses CVE-2024-3727, a vulnerability in the containers/image library which allows attackers to trigger authenticated registry access on behalf of the victim user.
Bugfixes
- Fixed a bug where
podman machine start
would fail if the machine had a volume with a long target path (#22226). - Fixed a bug where
podman machine start
mounted volumes with paths that included dashes in the wrong location (#22505).
Misc
- Updated Buildah to v1.35.4
- Updated the containers/common library to v0.58.3
- Updated the containers/image library to v5.30.1
下载链接
- podman-5.0.3-setup.exe
- podman-installer-macos-amd64.pkg
- podman-installer-macos-arm64.pkg
- podman-installer-macos-universal.pkg
- podman-remote-release-darwin_amd64.zip
- podman-remote-release-darwin_arm64.zip
- podman-remote-release-windows_amd64.zip
- podman-remote-static-linux_amd64.tar.gz
- podman-remote-static-linux_arm64.tar.gz
- shasums